{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7207", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-07-07T12:21:11.405Z", "datePublished": "2025-07-09T00:02:07.237Z", "dateUpdated": "2025-07-09T13:08:10.538Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-09T00:02:07.237Z"}, "title": "mruby nregs codegen.c scope_new heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "mruby", "versions": [{"version": "3.4.0-rc1", "status": "affected"}, {"version": "3.4.0-rc2", "status": "affected"}], "modules": ["nregs Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in mruby bis 3.4.0-rc2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion scope_new der Datei mrbgems/mruby-compiler/core/codegen.c der Komponente nregs Handler. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 1fdd96104180cc0fb5d3cb086b05ab6458911bb9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-07-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-07-07T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-07-07T14:27:08.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.315156", "name": "VDB-315156 | mruby nregs codegen.c scope_new heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.315156", "name": "VDB-315156 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.607683", "name": "Submit #607683 | mruby mruby 3.4.0-rc2 (commit dd68681) Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/mruby/mruby/issues/6509", "tags": ["issue-tracking"]}, {"url": "https://github.com/mruby/mruby/issues/6509#event-17145516649", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19619499/mruby_crash.txt", "tags": ["exploit"]}, {"url": "https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/mruby/mruby/issues/6509", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-09T13:08:07.309680Z", "id": "CVE-2025-7207", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:08:10.538Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7207", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-09T13:08:07.309680Z"}}}], "references": [{"url": "https://github.com/mruby/mruby/issues/6509", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:08:01.150Z"}}], "cna": {"title": "mruby nregs codegen.c scope_new heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "JJLeo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["nregs Handler"], "product": "mruby", "versions": [{"status": "affected", "version": "3.4.0-rc1"}, {"status": "affected", "version": "3.4.0-rc2"}]}], "timeline": [{"lang": "en", "time": "2025-07-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-07-07T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-07-07T14:27:08.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.315156", "name": "VDB-315156 | mruby nregs codegen.c scope_new heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.315156", "name": "VDB-315156 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.607683", "name": "Submit #607683 | mruby mruby 3.4.0-rc2 (commit dd68681) Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/mruby/mruby/issues/6509", "tags": ["issue-tracking"]}, {"url": "https://github.com/mruby/mruby/issues/6509#event-17145516649", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19619499/mruby_crash.txt", "tags": ["exploit"]}, {"url": "https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in mruby bis 3.4.0-rc2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion scope_new der Datei mrbgems/mruby-compiler/core/codegen.c der Komponente nregs Handler. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 1fdd96104180cc0fb5d3cb086b05ab6458911bb9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-09T00:02:07.237Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7207", "state": "PUBLISHED", "dateUpdated": "2025-07-09T13:08:10.538Z", "dateReserved": "2025-07-07T12:21:11.405Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-07-09T00:02:07.237Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en mruby hasta la versi\u00f3n 3.4.0-rc2. La funci\u00f3n scope_new del archivo mrbgems/mruby-compiler/core/codegen.c del componente nregs Handler se ve afectada. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en el mont\u00f3n. Un ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-7207", "lastModified": "2025-07-10T13:18:53.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-09T01:15:50.380", "references": [{"source": "[email protected]", "url": "https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9"}, {"source": "[email protected]", "url": "https://github.com/mruby/mruby/issues/6509"}, {"source": "[email protected]", "url": "https://github.com/mruby/mruby/issues/6509#event-17145516649"}, {"source": "[email protected]", "url": "https://github.com/user-attachments/files/19619499/mruby_crash.txt"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.315156"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.315156"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.607683"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/mruby/mruby/issues/6509"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "mruby: mruby Heap Buffer Overflow", "id": "2378935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378935"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A flaw was found in mruby. The `scope_new` function in `mrbgems/mruby-compiler/core/codegen.c` contains a heap-based buffer manipulation, potentially leading to memory corruption. A local attacker can trigger this vulnerability through crafted input, resulting in a potential denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-7207", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-cni-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-must-gather-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-pilot-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-proxyv2-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-sail-operator-bundle", "product_name": "OpenShift Service Mesh 3"}], "public_date": "2025-07-09T00:02:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-7207\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-7207\nhttps://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9\nhttps://github.com/mruby/mruby/issues/6509\nhttps://github.com/mruby/mruby/issues/6509#event-17145516649\nhttps://github.com/user-attachments/files/19619499/mruby_crash.txt\nhttps://vuldb.com/?ctiid.315156\nhttps://vuldb.com/?id.315156\nhttps://vuldb.com/?submit.607683"], "threat_severity": "Low"}